Search code examples
node.jsdnsdohdns-over-https

Client cannot resolve my DoH server response

I am making a custom DoH server that should resolve some TLDs differently. I am using NodeJS to implement it. For most domains, it just proxies them to Google's DoH and it works. But when I try to resolve some custom domains, for example

mydomain.customtld

I want it to point to

bafybeie5nqv6kd3qnfjupgvz34woh3oksc3iau6abmyajn7qvtf6d2ho34.ipfs.dweb.link

I tried formating DNS response myself and it fails. So, I resorted to resolving the mentioned link (i.e. bafybeie5nqv6kd3qnfjupgvz34woh3oksc3iau6abmyajn7qvtf6d2ho34.ipfs.dweb.link) over Google DoH or some other DoH server and forwarding it to the client as a response.

So, I did the following:

  • I use dohjs nodejs library
  • I resolve mentioned link like this:
const doh = require('dohjs');
const resolver = new doh.DohResolver('https://dns.google/dns-query');

let dnsAnswer = await resolver.query(`bafybeie5nqv6kd3qnfjupgvz34woh3oksc3iau6abmyajn7qvtf6d2ho34.ipfs.dweb.link`, 'A');

And I get the following response:

{
  id: 0,
  type: 'response',
  flags: 384,
  flag_qr: true,
  opcode: 'QUERY',
  flag_aa: false,
  flag_tc: false,
  flag_rd: true,
  flag_ra: true,
  flag_z: false,
  flag_ad: false,
  flag_cd: false,
  rcode: 'NOERROR',
  questions: [
    {
      name: 'bafybeie5nqv6kd3qnfjupgvz34woh3oksc3iau6abmyajn7qvtf6d2ho34.ipfs.dweb.link',
      type: 'A',
      class: 'IN'
    }
  ],
  answers: [
    {
      name: 'bafybeie5nqv6kd3qnfjupgvz34woh3oksc3iau6abmyajn7qvtf6d2ho34.ipfs.dweb.link',
      type: 'A',
      ttl: 59,
      class: 'IN',
      flush: false,
      data: '209.94.90.1'
    }
  ],
  authorities: [],
  additionals: []
}

This seems like a valid DNS packet, but after encoding it and forwarding it to the client (Chrome in this case), it fails to resolve it.

The only thing I could think of is that response is missing additionals, but I am not sure... Specific error I get is DNS_PROBE_FINISHED_NXDOMAIN.

So, how could I solve this?

Solution

  • So, as it turns out, my DNS response packet was valid. The problem was that the URL in the browser URL bar was not the same as the one being returned in the question and answer sections of the DNS packet and it presents a problem to the browser. It is probably due to security, but when I changed the name in the answer and question sections, my DNS packet was accepted by the browser. The question is definitely wrong and out of line, but I will be keeping it, since this answer may help someone having the same problem while writing custom DoH for browsers to use.

    Cheers and thanks for the helpful comments which eventually helped me figure out that packet is okay and that the problem was somewhere else